Cloud NGFW for Azure
Configure DNS Security
Table of Contents
Expand All
|
Collapse All
Cloud NGFW for Azure Docs
Configure DNS Security
Enable DNS Security on Cloud NGFW for Azure to proactively detect and defend against
DNS-based threats using predictive analysis and machine learning.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Domain Name Service (DNS) is a critical and foundational protocol of the internet, as
described in the core RFCs for the protocol. Malicious actors have utilized command and control (C2)
communication channels over the DNS and, in some cases, have even used the protocol
to exfiltrate data. DNS exfiltration can happen when a bad actor compromises an
application instance in your VPC and then uses DNS lookup to send data out of the
VPC to a domain that they control. Malicious actors can also infiltrate malicious
data and payloads to the VPC workloads over DNS. Palo Alto Networks Unit 42 research
has described different types of DNS abuse
discovered.
Cloud NGFW for Azure allows you to protect your VPC traffic from advanced DNS-based
threats, by monitoring and controlling the domains that your VPC resources query.
With Cloud NGFW for Azure. You can deny access to the domains that Palo Alto
Networks considers bad or suspicious and allow all other queries.
Cloud NGFW uses the Palo Alto Networks DNS Security service which proactively detects malicious domains by generating DNS
signatures using advanced predictive analysis and machine learning, with data from
multiple sources (such as WildFire traffic analysis, passive DNS, active web
crawling & malicious web content analysis, URL sandbox analysis, Honeynet, DGA
reverse engineering, telemetry data, whois, the Unit 42 research organization, and
Cyber Threat Alliance). DNS security service then continuously distributes these DNS signatures to your
Cloud NGFW resources to proactively defend against malware using DNS for command and
control (C2) and data theft.
DNS Security for Cloud NGFW requires Panorama. Configure all DNS Security-related
policy rules on Panorama and push them to Cloud NGFW resources as part of a Cloud
Device Group.
To inspect DNS traffic, you must enable DNS Proxy on your Cloud NGFW using the Azure
portal.
- Log in to the Azure portal.Click the Cloud NGFW icon under Azure Services.Select your Cloud NGFW instance.Enable DNS Proxy.
- Select SettingsDNS Proxy.Select the Enabled radio button.Use the default DNS server or select Custom and specify a DNS server previously configured in your virtual network.Click Save.Navigate to the local rulestack associated with your Cloud NGFW instance.Select Security Services.Enable DNS Security.Enabling DNS Security requires that you enable antispyware. Additionally, both DNS Security and antispyware must be set to best practices.